Consider a situation where IT Dept is forbidden to touch some
machines because the information they contain is "too sensitive".

How do we manage security in such a case?

Answer (98 times out of 100): The most critical information in
the enterprise winds up on the least secure machines in the
enterprise.

David Gillett

> -----Original Message-----
> From: sf_mail_sbm@yahoo.com [mailto:sf_mail_sbm@yahoo.com]
> Sent: Tuesday, November 30, 2004 4:10 AM
> To: security-basics@securityfocus.com
> Subject: Controlling access to servers
>
>
>
>
> Hi List,
>
> Consider a situation where IT Dept has full access and
> control over all servers
>
> How do we manage security in such a case? i.e. how can we put
> control measures to prevent IT Admins to do whatever they
> want on the system without going through a proper control &
> approval process
>
> One solution might be to give the admin passwords to the IT
> Security Section or the IT Audit, in this way, Admins will
> have to request them to log in the machine for all interventions
>
> Of course this solution has lots of drawbacks!
>
> I would be glad to know how other companies manage to control
> changes being done on IT systems, particularly in large organisations
>
> Thanks for your comments
>
> Ronish
>

Relevant Pages

RE: Massive Potential Abuse of Windows Machines Via Update... I know its a windows security setting that is unable to install but dont ... Re-build’s galore, new machines, super fandango firewall routers, set up by ... to get control of machines without the user being alerted too much has got to ...(microsoft.public.windowsupdate)

Re: Windows form control will not render in IE... Perhaps there is a security issue - did you check the .NET security policy ... > machines with the same framework version the control does not render. ... All I get on the client...(microsoft.public.dotnet.framework.aspnet)

Re: FW: Controlling access to servers... > and control over all ... > How do we manage security in such a case? ... ALL Admins should log on to ... Giving the admin passwords to IT Security or Audit is ...(Security-Basics)

Re: Use AD computer policy to apply local user policy... PeopleSoft and that actually handles the account control so we have roughly ... 16,000 user accounts in the stand User container (not really cool if you ask ... Are these machines somehow... If you can justify it and after checking with the "user" admins,...(microsoft.public.windows.server.active_directory)

Re: Win2K / Netware networking question...>admins will have full knowledge of the existence of these machines....rights in NDS to do it, and if I was ever asked to do that (and I ...control would give the admins the rights of whoever was logged in to the ...(comp.security.misc)